Information Security Engineer

  • Full Time
  • Cary, NC
  • Applications have closed


As an Information Security Engineer within Global Information Security, you will be responsible for helping protect SAS by developing and executing innovative security controls, defenses and countermeasures designed to help prevent internal and external attacks. Candidates should possess a diverse set of skills including automating security tasks, security architecture, security operations tool development, risk assessment, incident response, log analysis, consulting and providing guidance about best practices.

Primary Responsibilities:

  • Researches attempted or successful efforts to compromise systems security, determines causes of security violations, and designs countermeasures.
  • Routinely conducts security risk assessments on networks and systems and makes recommendations to management to improve security and avoid negative impact on the business caused by theft, destruction, alteration, or denial of access to information and systems.
  • Maintains network security devices such as IDS/IPS, proxy servers, NGFWs, etc.
  • Develops and maintains existing security operations tools.
  • Responds to security incidents as part of the Incident Response Team.
  • Evaluates new products as they are being considered and provides recommendations for usage.
  • Researches latest security best practices, staying abreast of new threats and vulnerabilities and helps disseminate this information to appropriate groups within the organization.
  • Coordinates and executes security projects for the organization.



  • 3+ years of demonstrable information security experience.
  • Bachelor’s degree in computer science or related quantitative field.
  • If not already certified as a CISSP, be capable of qualifying for and passing related certification exam.
  • Ability to analyze and classify security events for remediation.
  • Experience with log management/SIEM technologies and configuration.
  • Experience automating tasks via various scripting languages (Python, PERL, PHP, and/or Shell).


  • Experience with securing cloud servers such as AWS, Azure, etc.
  • Ability to communicate clearly, to both technical and non-technical audiences, risks, threats, and vulnerabilities identified during assessments.
  • Ability to review and advise on policies, procedures, technical documentation and contract reviews.
  • Ability to prioritize work and meet deadlines.
  • UNIX and Windows system administration.
  • Demonstrated understanding of TCP/IP networking.
  • Knowledge of information security practices and procedures.
  • Knowledge of risk management standards and procedures.
  • Ability to utilize both manual and automated attack methods.